[ Príspevkov: 22 ] 
AutorSpráva
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
NapísalOffline : 25.01.2008 16:48 | červ..

Mohol by mi prosim niekto povedat ako sa nadobro zbavit cerva? nejak to antivirak nedokáže, neustale pise ze bol najdeny virus a ulozeny do karanteny no znicit sa neda.. moc sa v Pc nevyznam, no uz mi zacina liest na nervicky a odvtedy nejak spomaluje pocitac i net... asi blba otazka , ale neporadite mi nieco,please :cry: ...[b[/b]


Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 05.01.08
Prihlásený: 22.04.10
Príspevky: 310
Témy: 33 | 33
NapísalOffline : 25.01.2008 18:17 | červ..

Aky mas antivir? Vies aky ma ten cerv nazov? Vies v ktorom priecinku sa nachadza?


Offline

Čestný člen
Čestný člen
červ..

Registrovaný: 07.04.07
Prihlásený: 09.12.17
Príspevky: 4438
Témy: 82 | 82
Bydlisko: Rožňava
NapísalOffline : 25.01.2008 18:42 | červ..

Na začiatok sem vlož log z HijackThis
http://www.pcforum.sk/cistime-napadnuty ... 27265.html


_________________
PC1: l CPU: AMD Phenom II X4 955BE C3 l MB: MSI 870A-G54 l RAM: 2x4GB A-DATA Gamers Series 1600 CL9 l VGA: SAPPHIRE R9 280X VAPOR-X l
HDD: SAMSUNG F3 1TB l DVD-RW: LG H22N l PSU: CORSAIR VX450W l MONITOR: LG LCD W2284F-PF l OS: WINDOWS7 HOME PREMIUM l
PC2: l CPU: AMD AthlonXP 2100+ 1733MHz (jadro Thoroughbred - B) socket A l MB: ASRock K7VT4A Pro l RAM: Apacer 1280MB 333MHz CL2.5 l
VGA: ASUS Nvidia N7600GS SILENT l HDD: Seagate 120GB ATA l CD-RW/DVD: LG H12 l PSU: Trust 370W l MONITOR: LG FLATRON L1919S l OS: XP SP3 SK l
NOTEBOOK: ASUS U36SG
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 25.01.2008 21:54 | červ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:16, on 25. 1. 2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\DAEMON Tools\daemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe
C:\PROGRA~1\MOBILE~1\bin\SCfgSrv.exe
C:\PROGRA~1\MOBILE~1\bin\DESPROXY.exe
C:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE
C:\PROGRA~1\MOBILE~1\bin\SCONTA~1.EXE
C:\PROGRA~1\MOBILE~1\bin\MESSAG~1.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MOBILE~1\bin\MPMPim.exe
C:\PROGRA~1\MOBILE~1\bin\SMESSE~1.EXE
C:\PROGRA~1\MOBILE~1\SMARTS~1\xtndpc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\mmcc.exe
O4 - HKLM\..\Run: [Sund32] C:\WINDOWS\System32\gpthread32.exe
O4 - HKLM\..\Run: [wmml1.101] C:\WINDOWS\wmml1.101.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ferg] C:\WINDOWS\ferg.exe s
O4 - HKLM\..\Run: [spup.exe] C:\WINDOWS\chater07.exe s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mobile Phone Manager.lnk = C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - http://zona.t-com.sk/t-com-voi-campaign ... Dialer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4454055390
O20 - AppInit_DLLs: comdavwa.dll ipxrir32.dll kbdgmqqm.dll inetcomu.dll s11twsht.dll ddragdi3.dll ru9j8i.dll e1.dll
O20 - Winlogon Notify: admewinr - C:\WINDOWS\
O20 - Winlogon Notify: davcgpte - C:\WINDOWS\
O20 - Winlogon Notify: fpwprasa - C:\WINDOWS\
O20 - Winlogon Notify: pngfuxth - C:\WINDOWS\
O20 - Winlogon Notify: vdmdracp - C:\WINDOWS\
O20 - Winlogon Notify: vp7vmcia - C:\WINDOWS\System32\vp7vmcia.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)

--
End of file - 8755 bytes

dufam, ze som to urobila spravne... inac antivirusovy program: ESET NOD 32 a ako objekt vypise: C:/Windows/system32/vp7vmcia.exe
..dik za pomoc, ja sa fakt v tom moc nevyznam..


Offline

Čestný člen
Čestný člen
červ..

Registrovaný: 07.04.07
Prihlásený: 09.12.17
Príspevky: 4438
Témy: 82 | 82
Bydlisko: Rožňava
NapísalOffline : 25.01.2008 22:13 | červ..

Stiahni Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
a prejdi systemom, počas testu sa riad pokynmi a neklikaj na obrazovku, počitač môže byť reštartovaný

Potom vlož log zo suboru C:\ComboFix.txt :)


_________________
PC1: l CPU: AMD Phenom II X4 955BE C3 l MB: MSI 870A-G54 l RAM: 2x4GB A-DATA Gamers Series 1600 CL9 l VGA: SAPPHIRE R9 280X VAPOR-X l
HDD: SAMSUNG F3 1TB l DVD-RW: LG H22N l PSU: CORSAIR VX450W l MONITOR: LG LCD W2284F-PF l OS: WINDOWS7 HOME PREMIUM l
PC2: l CPU: AMD AthlonXP 2100+ 1733MHz (jadro Thoroughbred - B) socket A l MB: ASRock K7VT4A Pro l RAM: Apacer 1280MB 333MHz CL2.5 l
VGA: ASUS Nvidia N7600GS SILENT l HDD: Seagate 120GB ATA l CD-RW/DVD: LG H12 l PSU: Trust 370W l MONITOR: LG FLATRON L1919S l OS: XP SP3 SK l
NOTEBOOK: ASUS U36SG
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 25.01.2008 22:49 | červ..

mozno blba otazka, ale je to bezpecne? nerada by som vyhodila comp ...


Offline

Skúsený užívateľ
Skúsený užívateľ
červ..

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 25.01.2008 22:53 | červ..

Je to bezpečné, podstatne bezpečnejšie ako tam tú háveď nechať.


Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 26.01.2008 10:16 | červ..

ComboFix 08-01-23.1C - Rudo 2008-01-26 9:44:35.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.304 [GMT 1:00]
Running from: C:\Documents and Settings\Rudo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\e1.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\xirxj77l.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 09:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 21:37 . 2008-01-25 21:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 19:34 . 2008-01-22 19:34 <DIR> d-------- C:\Program Files\Designsoft
2008-01-22 17:02 . 2008-01-22 19:34 32,230 --a------ C:\WINDOWS\Run32A50.mch
2008-01-22 17:01 . 2008-01-22 19:33 <DIR> d-------- C:\WINDOWS\A5W_DATA
2008-01-22 17:01 . 2008-01-22 19:33 35 --a------ C:\WINDOWS\A5W.INI
2008-01-22 06:03 . 2008-01-22 06:03 9,216 --a------ C:\WINDOWS\system32\e1.dll.vir
2008-01-22 06:03 . 2008-01-22 06:03 16 --a------ C:\WINDOWS\wensdw.dat
2008-01-22 06:02 . 2008-01-22 06:02 178,688 --a------ C:\WINDOWS\chater07.exe
2008-01-21 10:33 . 2008-01-26 07:14 <DIR> d-------- C:\Program Files\AdVantage
2008-01-16 16:16 . 2008-01-16 16:16 164 --a------ C:\WINDOWS\system32\1K0636o831.dat
2008-01-16 16:16 . 2008-01-16 16:16 160 --a------ C:\WINDOWS\system32\Ut33ubqXk7N.dat
2008-01-16 16:16 . 2008-01-16 16:16 148 --a------ C:\WINDOWS\system32\Ii3UG40OAx.dat
2008-01-16 16:16 . 2008-01-16 16:16 144 --a------ C:\WINDOWS\system32\sofdt-1760516353.dat
2008-01-16 16:13 . 2008-01-21 16:49 4 --a------ C:\WINDOWS\system32\davcgpte.dat
2008-01-16 14:57 . 2008-01-16 14:57 0 --a------ C:\WINDOWS\pensdw.s
2008-01-16 14:52 . 2008-01-16 15:13 5,440 --a------ C:\WINDOWS\pensdw.wax
2008-01-16 14:52 . 2008-01-16 14:52 16 --a------ C:\WINDOWS\pensdw.dat
2008-01-16 14:52 . 2008-01-16 14:52 0 --a------ C:\WINDOWS\pensdw.z
2008-01-16 05:07 . 2008-01-21 16:42 4,600 --a------ C:\WINDOWS\ferg.wax
2008-01-16 05:07 . 2008-01-16 05:07 16 --a------ C:\WINDOWS\ferg.dat
2008-01-16 04:57 . 2008-01-16 04:57 3,142,236 --a------ C:\WINDOWS\ow3g85.reg
2008-01-12 08:13 . 2008-01-22 06:02 4 --a------ C:\WINDOWS\system32\pngfuxth.dat
2008-01-07 19:04 . 2008-01-07 19:04 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-07 08:48 . 2008-01-07 08:48 <DIR> d-------- C:\EA Sports
2008-01-06 14:26 . 2008-01-10 16:41 13,030 --a------ C:\PDOXUSRS.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 06:15 439,552 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-25 19:08 --------- d-----w C:\Program Files\ICQToolbar
2008-01-23 16:49 --------- d-----w C:\Program Files\ICQLite
2008-01-22 05:02 178,688 ----a-w C:\WINDOWS\chater07.exe
2008-01-21 16:47 --------- d-----w C:\Program Files\OneStepSearch
2008-01-21 15:54 --------- d-----w C:\Program Files\Sunbelt Software
2008-01-21 09:33 --------- d-----w C:\Program Files\BSplayer Pro
2008-01-17 13:12 52,224 ----a-w C:\WINDOWS\system32\pop3enable.exe
2008-01-16 17:25 --------- d-----w C:\Program Files\Winamp
2008-01-13 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 19:17 --------- d-----w C:\Program Files\SopCast
2008-01-04 18:07 3,615 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-21 19:31 --------- d-----w C:\Program Files\QIP
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-13 19:52 118,784 ----a-w C:\WINDOWS\system32\vp7vmcia.dll
2007-12-02 05:47 741,376 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-12-02 05:47 155,648 ----a-w C:\WINDOWS\system32\ssleay32.dll
2007-11-24 16:11 41,984 ----a-w C:\WINDOWS\stk71.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:41 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-11 06:21 1511453]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2003-05-28 02:49 1056768]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-06-28 15:19 880080]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"SmartSync - ScheduleSync"="C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2006-03-31 00:49 45056]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"CHotkey"="zHotkey.exe" [2003-07-29 17:06 515584 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 08:09 36864 C:\WINDOWS\ShowWnd.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"SoundMnEx32"="C:\WINDOWS\mmcc.exe" [ ]
"Sund32"="C:\WINDOWS\System32\gpthread32.exe" [ ]
"wmml1.101"="C:\WINDOWS\wmml1.101.exe" [ ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"ferg"="C:\WINDOWS\ferg.exe" [ ]
"spup.exe"="C:\WINDOWS\chater07.exe" [2008-01-22 06:02 178688]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 04:41 13312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2001-08-23 13:00 51200 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Rudo\Start Menu\Programs\Startup\
Mobile Phone Manager.lnk - C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe [2006-04-04 04:49:24 503808]
PowerReg Scheduler V3.exe [2007-10-28 14:31:30 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00 734872]
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-07-10 20:15:43 303104]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 20:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\admewinr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\davcgpte]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fpwprasa]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pngfuxth]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vdmdracp]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vp7vmcia]
C:\WINDOWS\System32\vp7vmcia.dll 2007-12-13 20:52 118784 C:\WINDOWS\system32\vp7vmcia.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= comdavwa.dll ipxrir32.dll kbdgmqqm.dll inetcomu.dll s11twsht.dll ddragdi3.dll ru9j8i.dll e1.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 12:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 12:34]
R2 MLPTDR_Q;MLPTDR_Q;C:\WINDOWS\System32\MLPTDR_Q.sys [2003-07-22 08:44]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 02:35]
S3 siusbmod;siusbmod;C:\WINDOWS\System32\DRIVERS\siusbmod.sys [2005-09-13 00:40]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w200obex.sys [2006-11-07 08:42]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 16:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-26 08:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 09:49:13
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\e1.dll
-> C:\WINDOWS\System32\vp7vmcia.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.1106]
-> C:\WINDOWS\system32\e1.dll
.
Completion time: 2008-01-26 9:50:34
ComboFix-quarantined-files.txt 2008-01-26 08:50:27

..a mohol by mi niekto prosim potom aj povedat ci to je v poriadku alebo nie, diky


Offline

Čestný člen
Čestný člen
červ..

Registrovaný: 07.04.07
Prihlásený: 09.12.17
Príspevky: 4438
Témy: 82 | 82
Bydlisko: Rožňava
NapísalOffline : 26.01.2008 11:35 | červ..

Vlož ešte aktuálny log z HijackThis


_________________
PC1: l CPU: AMD Phenom II X4 955BE C3 l MB: MSI 870A-G54 l RAM: 2x4GB A-DATA Gamers Series 1600 CL9 l VGA: SAPPHIRE R9 280X VAPOR-X l
HDD: SAMSUNG F3 1TB l DVD-RW: LG H22N l PSU: CORSAIR VX450W l MONITOR: LG LCD W2284F-PF l OS: WINDOWS7 HOME PREMIUM l
PC2: l CPU: AMD AthlonXP 2100+ 1733MHz (jadro Thoroughbred - B) socket A l MB: ASRock K7VT4A Pro l RAM: Apacer 1280MB 333MHz CL2.5 l
VGA: ASUS Nvidia N7600GS SILENT l HDD: Seagate 120GB ATA l CD-RW/DVD: LG H12 l PSU: Trust 370W l MONITOR: LG FLATRON L1919S l OS: XP SP3 SK l
NOTEBOOK: ASUS U36SG
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 26.01.2008 11:50 | červ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:10, on 26. 1. 2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe
C:\PROGRA~1\MOBILE~1\bin\SCfgSrv.exe
C:\PROGRA~1\MOBILE~1\bin\DESPROXY.exe
C:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\MOBILE~1\bin\SCONTA~1.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MOBILE~1\bin\MESSAG~1.EXE
C:\PROGRA~1\MOBILE~1\bin\MPMPim.exe
C:\PROGRA~1\MOBILE~1\bin\SMESSE~1.EXE
C:\PROGRA~1\MOBILE~1\SMARTS~1\xtndpc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMnEx32] C:\WINDOWS\mmcc.exe
O4 - HKLM\..\Run: [Sund32] C:\WINDOWS\System32\gpthread32.exe
O4 - HKLM\..\Run: [wmml1.101] C:\WINDOWS\wmml1.101.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ferg] C:\WINDOWS\ferg.exe s
O4 - HKLM\..\Run: [spup.exe] C:\WINDOWS\chater07.exe s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Mobile Phone Manager.lnk = C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - http://zona.t-com.sk/t-com-voi-campaign ... Dialer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4454055390
O20 - AppInit_DLLs: comdavwa.dll ipxrir32.dll kbdgmqqm.dll inetcomu.dll s11twsht.dll ddragdi3.dll ru9j8i.dll e1.dll
O20 - Winlogon Notify: admewinr - C:\WINDOWS\
O20 - Winlogon Notify: davcgpte - C:\WINDOWS\
O20 - Winlogon Notify: fpwprasa - C:\WINDOWS\
O20 - Winlogon Notify: pngfuxth - C:\WINDOWS\
O20 - Winlogon Notify: vdmdracp - C:\WINDOWS\
O20 - Winlogon Notify: vp7vmcia - C:\WINDOWS\System32\vp7vmcia.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)

--
End of file - 8722 bytes


Offline

Čestný člen
Čestný člen
červ..

Registrovaný: 07.04.07
Prihlásený: 09.12.17
Príspevky: 4438
Témy: 82 | 82
Bydlisko: Rožňava
NapísalOffline : 26.01.2008 12:02 | červ..

Fixni tieto položky:
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O20 - Winlogon Notify: admewinr - C:\WINDOWS\
O20 - Winlogon Notify: davcgpte - C:\WINDOWS\
O20 - Winlogon Notify: fpwprasa - C:\WINDOWS\
O20 - Winlogon Notify: pngfuxth - C:\WINDOWS\
O20 - Winlogon Notify: vdmdracp - C:\WINDOWS\
O20 - Winlogon Notify: vp7vmcia - C:\WINDOWS\System32\vp7vmcia.dll

Do Avengeru daj tento kod:
Kód:
Files to delete:
C:\WINDOWS\System32\vp7vmcia.dll


všetko maš tu
http://www.pcforum.sk/cistime-napadnuty ... 27265.html

potom restart PC a novy log :)


_________________
PC1: l CPU: AMD Phenom II X4 955BE C3 l MB: MSI 870A-G54 l RAM: 2x4GB A-DATA Gamers Series 1600 CL9 l VGA: SAPPHIRE R9 280X VAPOR-X l
HDD: SAMSUNG F3 1TB l DVD-RW: LG H22N l PSU: CORSAIR VX450W l MONITOR: LG LCD W2284F-PF l OS: WINDOWS7 HOME PREMIUM l
PC2: l CPU: AMD AthlonXP 2100+ 1733MHz (jadro Thoroughbred - B) socket A l MB: ASRock K7VT4A Pro l RAM: Apacer 1280MB 333MHz CL2.5 l
VGA: ASUS Nvidia N7600GS SILENT l HDD: Seagate 120GB ATA l CD-RW/DVD: LG H12 l PSU: Trust 370W l MONITOR: LG FLATRON L1919S l OS: XP SP3 SK l
NOTEBOOK: ASUS U36SG
Offline

Užívateľ
Užívateľ
červ..

Registrovaný: 10.02.07
Prihlásený: 14.08.11
Príspevky: 1657
Témy: 22 | 22
Bydlisko: Ziar nad Hr...
NapísalOffline : 26.01.2008 12:25 | červ..

Mas tam virus Stration.
Stiahni si http://swandog46.geekstogo.com/avenger.exe , spusti a zvol Load script from Internet url , a do riadku po tym skopiruj tuto adresu
Kód:
http://ne-e.eu/stration/script.txt


klikni na ikonu semeforu a potvrd Ok (pocitac sa moze restartovat).
potom novy log z HiJackThis.


_________________
Myslenie nemohlo vzniknúť bez reči, no reč bez myslenia sa vyskytuje často. Brie Andre
My OS: Primary - Kubuntu 10.10 Maverick Meerkat , Secondary - Windows 7
Problemy sa riesia tu na fore nie cez ICQ a Skype. Dakujem
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 28.07.07
Príspevky: 3210
Témy: 41 | 41
Bydlisko: Brno
NapísalOffline : 26.01.2008 12:26 | červ..

stiahni, pouzi a vysledky vloz sem:
http://down.ne-e.eu/stration_remover.exe

edit:// Devil :)


_________________
PC: CPU: Intel i7 5820k @ 4.2 Ghz Cooler: NZXT Kraken x41 MB: ASUS X99-A GPU: ASUS Stryx 970 GTX 4GB RAM: 32 GB Kingston 2133 DDR4 SSD: Kingston Hyperx 240 GB HDD1: Seagate Barracuda 7200.14 3TB HDD2: Seagate Barracuda 7200 1TB PSU: Corsair RM 850 Case: NZXT Phantom 410 white LCD: DELL P2416D @ 75Hz AUDIO: Yamaha RN500 Repro: DALI Zensor 5 Phone: Galaxy S8+
NB: Lenovo Y500
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 22.01.08
Prihlásený: 22.02.08
Príspevky: 16
Témy: 0 | 0
NapísalOffline : 26.01.2008 13:16 | červ..

:roll: http://www.viry.cz/forum/viewtopic.php?t=21484


Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 26.01.2008 14:00 | červ..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:49, on 26. 1. 2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\DAEMON Tools\daemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe
C:\PROGRA~1\MOBILE~1\bin\SCfgSrv.exe
C:\PROGRA~1\MOBILE~1\bin\DESPROXY.exe
C:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MOBILE~1\bin\SCONTA~1.EXE
C:\PROGRA~1\MOBILE~1\bin\MESSAG~1.EXE
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOBILE~1\bin\MPMPim.exe
C:\PROGRA~1\MOBILE~1\bin\SMESSE~1.EXE
C:\PROGRA~1\MOBILE~1\SMARTS~1\xtndpc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qip.ru
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sund32] C:\WINDOWS\System32\gpthread32.exe
O4 - HKLM\..\Run: [wmml1.101] C:\WINDOWS\wmml1.101.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [spup.exe] C:\WINDOWS\chater07.exe s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobile Phone Manager.lnk = C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {248F1F2D-E854-40AD-BB42-2E69EBC1CD8B} (ST WebDialer Control) - http://zona.t-com.sk/t-com-voi-campaign ... Dialer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4454055390
O20 - Winlogon Notify: vp7vmcia - C:\WINDOWS\System32\vp7vmcia.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe (file missing)

--
End of file - 7977 bytes

toto je log po postupe podla Devil_SK..


Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 28.07.07
Príspevky: 3210
Témy: 41 | 41
Bydlisko: Brno
NapísalOffline : 26.01.2008 14:10 | červ..

fix:
O4 - HKLM\..\Run: [Sund32] C:\WINDOWS\System32\gpthread32.exe
O4 - HKLM\..\Run: [wmml1.101] C:\WINDOWS\wmml1.101.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Search -
O20 - Winlogon Notify: vp7vmcia - C:\WINDOWS\System32\vp7vmcia.dll

chater07.exe poznas?

a znovu spusti combofix a vloz log


_________________
PC: CPU: Intel i7 5820k @ 4.2 Ghz Cooler: NZXT Kraken x41 MB: ASUS X99-A GPU: ASUS Stryx 970 GTX 4GB RAM: 32 GB Kingston 2133 DDR4 SSD: Kingston Hyperx 240 GB HDD1: Seagate Barracuda 7200.14 3TB HDD2: Seagate Barracuda 7200 1TB PSU: Corsair RM 850 Case: NZXT Phantom 410 white LCD: DELL P2416D @ 75Hz AUDIO: Yamaha RN500 Repro: DALI Zensor 5 Phone: Galaxy S8+
NB: Lenovo Y500
Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 26.01.2008 15:40 | červ..

ComboFix 08-01-23.1C - Rudo 2008-01-26 15:31:33.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.147 [GMT 1:00]
Running from: C:\Documents and Settings\Rudo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-26 09:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 21:37 . 2008-01-25 21:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 19:34 . 2008-01-22 19:34 <DIR> d-------- C:\Program Files\Designsoft
2008-01-22 17:02 . 2008-01-22 19:34 32,230 --a------ C:\WINDOWS\Run32A50.mch
2008-01-22 17:01 . 2008-01-22 19:33 <DIR> d-------- C:\WINDOWS\A5W_DATA
2008-01-22 17:01 . 2008-01-22 19:33 35 --a------ C:\WINDOWS\A5W.INI
2008-01-22 06:03 . 2008-01-22 06:03 16 --a------ C:\WINDOWS\wensdw.dat
2008-01-22 06:02 . 2008-01-22 06:02 178,688 --a------ C:\WINDOWS\chater07.exe
2008-01-21 10:33 . 2008-01-26 07:14 <DIR> d-------- C:\Program Files\AdVantage
2008-01-16 16:16 . 2008-01-16 16:16 164 --a------ C:\WINDOWS\system32\1K0636o831.dat
2008-01-16 16:16 . 2008-01-16 16:16 160 --a------ C:\WINDOWS\system32\Ut33ubqXk7N.dat
2008-01-16 16:16 . 2008-01-16 16:16 148 --a------ C:\WINDOWS\system32\Ii3UG40OAx.dat
2008-01-16 16:16 . 2008-01-16 16:16 144 --a------ C:\WINDOWS\system32\sofdt-1760516353.dat
2008-01-16 16:13 . 2008-01-21 16:49 4 --a------ C:\WINDOWS\system32\davcgpte.dat
2008-01-16 14:57 . 2008-01-16 14:57 0 --a------ C:\WINDOWS\pensdw.s
2008-01-16 14:52 . 2008-01-16 15:13 5,440 --a------ C:\WINDOWS\pensdw.wax
2008-01-16 14:52 . 2008-01-16 14:52 16 --a------ C:\WINDOWS\pensdw.dat
2008-01-16 14:52 . 2008-01-16 14:52 0 --a------ C:\WINDOWS\pensdw.z
2008-01-16 05:07 . 2008-01-21 16:42 4,600 --a------ C:\WINDOWS\ferg.wax
2008-01-16 05:07 . 2008-01-16 05:07 16 --a------ C:\WINDOWS\ferg.dat
2008-01-16 04:57 . 2008-01-16 04:57 3,142,236 --a------ C:\WINDOWS\ow3g85.reg
2008-01-12 08:13 . 2008-01-22 06:02 4 --a------ C:\WINDOWS\system32\pngfuxth.dat
2008-01-07 19:04 . 2008-01-07 19:04 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-07 08:48 . 2008-01-07 08:48 <DIR> d-------- C:\EA Sports
2008-01-06 14:26 . 2008-01-10 16:41 13,030 --a------ C:\PDOXUSRS.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 09:38 --------- d-----w C:\Program Files\ICQLite
2008-01-26 06:15 439,552 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-25 19:08 --------- d-----w C:\Program Files\ICQToolbar
2008-01-22 05:02 178,688 ----a-w C:\WINDOWS\chater07.exe
2008-01-21 16:47 --------- d-----w C:\Program Files\OneStepSearch
2008-01-21 15:54 --------- d-----w C:\Program Files\Sunbelt Software
2008-01-21 09:33 --------- d-----w C:\Program Files\BSplayer Pro
2008-01-17 13:12 52,224 ----a-w C:\WINDOWS\system32\pop3enable.exe
2008-01-16 17:25 --------- d-----w C:\Program Files\Winamp
2008-01-13 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 19:17 --------- d-----w C:\Program Files\SopCast
2008-01-04 18:07 3,615 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-12-21 19:31 --------- d-----w C:\Program Files\QIP
2007-12-21 07:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 07:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 07:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-13 19:52 118,784 ----a-w C:\WINDOWS\system32\vp7vmcia.dll
2007-12-02 05:47 741,376 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-12-02 05:47 155,648 ----a-w C:\WINDOWS\system32\ssleay32.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-26_ 9.49.36.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 06:13:59 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-26 14:12:50 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-26 06:13:59 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-26 14:12:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-26 06:13:59 147,456 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-26 14:12:50 147,456 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:41 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-11 06:21 1511453]
"RTEGPRS"="C:\Program Files\Common Files\RTE\RTEGPRS.exe" [2003-05-28 02:49 1056768]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-06-28 15:19 880080]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"SmartSync - ScheduleSync"="C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2006-03-31 00:49 45056]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"CHotkey"="zHotkey.exe" [2003-07-29 17:06 515584 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 08:09 36864 C:\WINDOWS\ShowWnd.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"spup.exe"="C:\WINDOWS\chater07.exe" [2008-01-22 06:02 178688]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12 3142236]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 04:41 13312]

C:\Documents and Settings\Rudo\Start Menu\Programs\Startup\
Mobile Phone Manager.lnk - C:\Program Files\Mobile Phone Manager\bin\Mobile Phone Manager.exe [2006-04-04 04:49:24 503808]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:00 734872]
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-07-10 20:15:43 303104]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 20:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vp7vmcia]
C:\WINDOWS\System32\vp7vmcia.dll 2007-12-13 20:52 118784 C:\WINDOWS\system32\vp7vmcia.dll

R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2007-02-20 12:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2007-02-20 12:34]
R2 MLPTDR_Q;MLPTDR_Q;C:\WINDOWS\System32\MLPTDR_Q.sys [2003-07-22 08:44]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 02:35]
S3 siusbmod;siusbmod;C:\WINDOWS\System32\DRIVERS\siusbmod.sys [2005-09-13 00:40]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\System32\DRIVERS\w200bus.sys [2006-11-07 08:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w200mdfl.sys [2006-11-07 08:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w200mdm.sys [2006-11-07 08:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w200mgmt.sys [2006-11-07 08:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w200obex.sys [2006-11-07 08:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 16:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-26 08:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 15:35:22
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\vp7vmcia.dll
.
Completion time: 2008-01-26 15:36:44
ComboFix-quarantined-files.txt 2008-01-26 14:36:37
ComboFix2.txt 2008-01-26 08:50:36


Offline

Užívateľ
Užívateľ
červ..

Registrovaný: 10.02.07
Prihlásený: 14.08.11
Príspevky: 1657
Témy: 22 | 22
Bydlisko: Ziar nad Hr...
NapísalOffline : 26.01.2008 15:57 | červ..

Este raz pouzi Avenger, vyber input script manually, stlac lupu a vloz
Kód:
Files to delete:
C:\WINDOWS\System32\vp7vmcia.dll

semafor a OK, a preistotu novy log


_________________
Myslenie nemohlo vzniknúť bez reči, no reč bez myslenia sa vyskytuje často. Brie Andre
My OS: Primary - Kubuntu 10.10 Maverick Meerkat , Secondary - Windows 7
Problemy sa riesia tu na fore nie cez ICQ a Skype. Dakujem
Offline

Skúsený užívateľ
Skúsený užívateľ
červ..

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 26.01.2008 18:52 | červ..

Najprv to treba poriadne vyčistiť, x-tý log to za teba nespraví.

Ešte do avengeru:
Kód:
files to delete:
c:\windows\kbdgmqqm.dll
c:\windows\inetcomu.dll
c:\windows\s11twsht.dll
c:\windows\ddragdi3.dll
c:\windows\ru9j8i.dll
c:\windows\system32\kbdgmqqm.dll
c:\windows\system32\inetcomu.dll
c:\windows\system32\s11twsht.dll
c:\windows\system32\ddragdi3.dll
c:\windows\system32\ru9j8i.dll
c:\windows\system32\e1.dll
C:\WINDOWS\system32\e1.dll.vir
C:\WINDOWS\chater07.exe
C:\WINDOWS\system32\1K0636o831.dat
C:\WINDOWS\system32\Ut33ubqXk7N.dat
C:\WINDOWS\system32\Ii3UG40OAx.dat
C:\WINDOWS\system32\sofdt-1760516353.dat
C:\WINDOWS\system32\davcgpte.dat
C:\WINDOWS\pensdw.s
C:\WINDOWS\pensdw.wax
C:\WINDOWS\pensdw.dat
C:\WINDOWS\pensdw.z
C:\WINDOWS\ferg.wax
C:\WINDOWS\ferg.dat
C:\WINDOWS\ow3g85.reg
C:\WINDOWS\system32\pngfuxth.dat
C:\WINDOWS\Run32A50.mch
C:\WINDOWS\system32\PerfStringBackup.TMP
C:\WINDOWS\system32\vp7vmcia.dll

folders to delete:
C:\Program Files\OneStepSearch
C:\Program Files\AdVantage


Offline

Užívateľ
Užívateľ
červ..

Registrovaný: 10.02.07
Prihlásený: 14.08.11
Príspevky: 1657
Témy: 22 | 22
Bydlisko: Ziar nad Hr...
NapísalOffline : 26.01.2008 19:18 | červ..

br4n0 píše:
Najprv to treba poriadne vyčistiť, x-tý log to za teba nespraví.


Vecsinu z tych dll co si uviedol, uz su zmazane, akurat neviem kde si k niektorym prisiel, kde si sa k nim dopatral ;)


_________________
Myslenie nemohlo vzniknúť bez reči, no reč bez myslenia sa vyskytuje často. Brie Andre
My OS: Primary - Kubuntu 10.10 Maverick Meerkat , Secondary - Windows 7
Problemy sa riesia tu na fore nie cez ICQ a Skype. Dakujem
Offline

Skúsený užívateľ
Skúsený užívateľ
červ..

Registrovaný: 22.03.07
Prihlásený: 14.06.14
Príspevky: 2108
Témy: 15 | 15
Bydlisko: Bratislava V
NapísalOffline : 26.01.2008 20:13 | červ..

Väčšina súborov je z posledného combofix logu, takže vymazané nebudú + porovnával som aj so avenger skriptom pre stration (a nič som som si nevymyslel :) ). Z tých logov je tu už chaos, takže niečo môže byť duplicitné.

A ešte prosím do predchádzajúceho skriptu medzi "files to delete" pridať C:\WINDOWS\wensdw.dat

vp7vmcia.dll asi odstráni len opravná konzola, ale ešte môžeš skúsiť:
- stiahni pendmoves, rozbaľ na c:
- štart-spustiť, skopíruj:
Kód:
c:\movefile C:\WINDOWS\system32\vp7vmcia.dll ""

- reštart


Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 23.01.08
Prihlásený: 24.10.09
Príspevky: 8
Témy: 1 | 1
Napísal autor témyOffline : 26.01.2008 21:15 | červ..

snazila som sa spravit vsetko podla vasich pokynov, a vsetky tie files a folders vyssie uvedene by sa nemali uz nachadzat v PC,ak to mozem laicky usudit/vlastne podla posledneho logu/..a navyse uz niekolko hodin nevyskakuje tabulka s hlasenim virusov..moze to znamenat ze uz neokupuje moj PC ? a inac straasne DAKUJEM za pomoc


 [ Príspevkov: 22 ] 


červ..



Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy.

Nejaky cerv

v Antivíry a antispywary

5

544

07.04.2007 11:57

peters

V tomto fóre nie sú ďalšie neprečítané témy.

Win32/Nuwar červ

v Antivíry a antispywary

6

740

22.11.2008 23:58

uUsErR

V tomto fóre nie sú ďalšie neprečítané témy.

červ bitb35.tmp

v Antivíry a antispywary

15

671

06.06.2010 22:20

shiro

V tomto fóre nie sú ďalšie neprečítané témy.

Vírus /červ BV:AutoRun-E (WRM)

v Antivíry a antispywary

7

1454

16.11.2008 16:28

Kosak

V tomto fóre nie sú ďalšie neprečítané témy.

Červ Conficker pripravuje na 1. apríl útok na internet

[ Choď na stránku:Choď na stránku: 1, 2, 3 ]

v Novinky

83

3786

26.04.2009 17:16

majky358



© 2005 - 2017 PCforum, edited by JanoF